Bitbucket cannot load Google Cloud key file

Problem description Votes: 0 Answers: 2

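Bitbucket cannot read my base64-encoded JSON file containing the Google Cloud service key. I have successfully encoded and decoded the same file myself, the way Bitbucket tries to decode it. But Bitbucket fails to do this and shows a base64: invalid input error. Here is the full error message: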

Status: Downloaded newer image for bitbucketpipelines/google-app-engine-deploy:0.6.1
INFO: Setting up environment.
echo "${KEY_FILE}" | base64 -d >> /tmp/key-file.json
base64: invalid input
gcloud auth activate-service-account --key-file /tmp/key-file.json --quiet --verbosity=warning
ERROR: (gcloud.auth.activate-service-account) Could not read json file /tmp/key-file.json: Unterminated string starting at: line 3 column 17 (char 49)
gcloud config set project wowzers --quiet --verbosity=warning
Updated property [core/project].
INFO: Starting deployment to GCP app engine...
gcloud app --quiet deploy app.yaml --version=14 --promote --stop-previous-version --verbosity=debug --quiet --verbosity=warning
ERROR: (gcloud.app.deploy) You do not currently have an active account selected.

As far as I understand, it fails at "project_id": ". The decoded file looks like this:

{
  "type": "service_account",
  "project_id": "project-318",
  "private_key_id": "...",
  ...
}

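I tried providing my base64-encoded key file first through an environment variable and then through a file, but got the same error. When the JSON cannot be extracted, Bitbucket writes the following error: ERROR: (gcloud.auth.activate-service-account) Could not read json file /tmp/key-file.json: No JSON object could be decoded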

google-app-engine bitbucket-pipelines
2 Answers
0
votes

It turned out that the key file from Google Cloud contains newline characters: \n. So the resulting base64-encoded file also looks like this:

HhsUUrAkupWJ6vdesSRHwNhnPpgxByYT7z7HVBEPsrUpjLWdX6TQm4pHNJydsC34F
RvVYyBAedgLhWPPGPvU6UBJww3aNxQnJS95ZvKDBuNr5CNTtAgh6EgsattRrZtawH
fjphVs82UWZZFq3JUeGwGdTs88XWu6ejaPYZknnD94W7pU6Ds8vJHGhAnBw9FtkrA
gjp4UFZN2Yg9KJFSrTfFA6dUsp2dPVN6VzVfpqJzGrxbFBjWQAp4zK5TXhJaN4zDr
.....

But in order to pass it to Bitbucket, you need to put it all on one line:

HhsUUrAkupWJ6vdesSRHwNhnPpgxByYT7z7HVBEPsrUpjLWdX6TQm4pHNJydsC34FRvVYyBAedgLhWPPGPvU6UBJww3aNxQnJS95ZvKDBuNr5CNTtAgh6EgsattRrZtawHfjphVs82UWZZFq3JUeGwGdTs88XWu6ejaPYZknnD94W7pU6Ds8vJHGhAnBw9FtkrAgjp4UFZN2Yg9KJFSrTfFA6dUsp2dPVN6VzVfpqJzGrxbFBjWQAp4zK5TXhJaN4zDr....

After I manually removed the newline characters, it showed the success message: Activated service account credentials for: [project]
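
The fix described in this answer, as an added example that is not part of the original answer: it encodes the key file as a single unwrapped base64 line and checks that the value decodes back to the original with the same `echo ... | base64 -d` step shown in the pipeline log. The function names and the sample key file are constructed for illustration.

```shell
#!/bin/sh
# Added example: produce a one-line base64 value for the KEY_FILE variable
# and verify it locally before pasting it into the pipeline settings.

# Encode a file as base64 on a single line. Stripping newlines with tr works
# whether or not the local base64 wraps its output by default.
encode_single_line() {
    base64 < "$1" | tr -d '\n'
}

# Return 0 only if the value is one line and decodes back to the original file.
check_encoded_key() {
    encoded=$1
    original=$2
    # A wrapped value contains newlines; printf '%s' adds none of its own.
    lines=$(printf '%s' "$encoded" | wc -l | tr -d ' ')
    [ "$lines" -eq 0 ] || return 1
    # Same decode step as in the log: echo "${KEY_FILE}" | base64 -d
    decoded=$(mktemp)   # mktemp creates the file readable by the owner only
    if echo "$encoded" | base64 -d > "$decoded" 2>/dev/null &&
       cmp -s "$decoded" "$original"; then
        rm -f "$decoded"; return 0
    fi
    rm -f "$decoded"; return 1
}

# Constructed sample key file (placeholder values, not a real credential).
make_sample_key() {
    printf '{\n  "type": "service_account",\n  "project_id": "example-project",\n  "private_key_id": "%s"\n}\n' \
        "0123456789abcdef0123456789abcdef0123456789abcdef" > "$1"
}

demo_dir=$(mktemp -d)
make_sample_key "$demo_dir/key.json"
value=$(encode_single_line "$demo_dir/key.json")
if check_encoded_key "$value" "$demo_dir/key.json"; then
    echo "OK: single-line value round-trips to the original key file"
else
    echo "FAIL: value is wrapped or does not decode to the original" >&2
fi
rm -rf "$demo_dir"
```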


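0
votes

I can suggest using GCP's KMS (Key Management Service). Decoding base64 is very easy; under KMS, you will need to have the appropriate user role in order to decrypt it. The steps to use KMS are as follows: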

KEYRING=kubernetes-secrets
KEY=generic-type-encryption-key

gcloud kms keyrings create $KEYRING --location asia-east2
gcloud kms keys create $KEY --location asia-east2 \
                            --keyring $KEYRING \
                            --purpose encryption

gcloud kms encrypt --location asia-east2 \
                       --keyring $KEYRING \
                       --key $KEY \
                       --plaintext-file example.txt \
                       --ciphertext-file encrypted.example.txt